Re: random(4) driver questions

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <levinsasha928@gmail.com>
To: "Ted Ts'o" <tytso@mit.edu>
Cc: Sandy Harris <sandyinchina@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: random(4) driver questions
Date: Mon, 27 Jun 2011 11:08:13 -0400	[thread overview]
Message-ID: <1309187293.15376.3.camel@lappy> (raw)
In-Reply-To: <20110627145442.GA2729@thunk.org>

On Mon, 2011-06-27 at 10:54 -0400, Ted Ts'o wrote:
> > What happens to /dev/random when it runs on
> > a virtual machine and all the things it relies on
> > for entropy get virtualised away?
> > 
> > The server that the VM is hosted on will usually
> > have plenty of entropy, often a hardware RNG.
> > Is there an interface that makes that visible
> > from the VM? Perhaps a virtual "hardware"
> > RNG driven by /dev/urandom on the host?
> 
> Yes, paravirtualizing the random number generator would be a big help.
> Probably what I would do is to periodically add entropy from the host
> OS to the guest OS, via some paravirt channel.  This would add a new
> "catastrophic reseeding", and if the virtual guest can mix in some
> other unknown material, again that can only help.

virtio has a 'virtio-rng' device which does just that.

-- 

Sasha.

next prev parent reply	other threads:[~2011-06-27 15:08 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-06-25  5:51 random(4) driver questions Sandy Harris
2011-06-25 12:53 ` Alexander Clouter
2011-06-27 14:54 ` Ted Ts'o
2011-06-27 15:08   ` Sasha Levin [this message]
2011-06-28  4:44   ` Johann Meier
2011-06-28  5:47     ` Sandy Harris
2011-06-28 19:44       ` Henrique de Moraes Holschuh
2011-06-28  6:02   ` Sandy Harris
2011-06-28 14:42     ` Ted Ts'o

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1309187293.15376.3.camel@lappy \
    --to=levinsasha928@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sandyinchina@gmail.com \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.